1 00:00:00,210 --> 00:00:06,600 Welcome to Section nine and this section, we're going to go over post exploitation, this is essentially 2 00:00:06,600 --> 00:00:14,220 where we are at the stage of actually getting access to information, getting access to the data right. 3 00:00:14,640 --> 00:00:21,630 Where we can use several different methods here, techniques to actually get us access to different 4 00:00:21,630 --> 00:00:28,170 types of data, different types of networks, how we can create different types of malware, where we 5 00:00:28,170 --> 00:00:34,380 can avoid different types of detection and be able to gain several different access points. 6 00:00:34,380 --> 00:00:35,660 So let's go ahead and jump in here. 7 00:00:36,090 --> 00:00:43,200 So the Section nine overview here, we're going to go over different ways that we can use to exploit 8 00:00:43,200 --> 00:00:46,830 our target host here right after it's been compromised. 9 00:00:46,870 --> 00:00:52,160 And so what we're going to be going over here specifically is what exactly is post exploitation? 10 00:00:52,740 --> 00:00:59,010 We're going to go over privileged exploitation and how that works, installing a back door, creating 11 00:00:59,010 --> 00:01:06,570 custom malware, avoiding antivirus protection, looking for files and then transferring files in and 12 00:01:06,570 --> 00:01:09,970 out of the victim and then the installing a key logger. 13 00:01:10,200 --> 00:01:17,460 This is huge here for being able to get access to passwords, very important information through a very 14 00:01:17,460 --> 00:01:18,630 unique technique. 15 00:01:18,630 --> 00:01:21,750 And then active directory and numeration and attacks. 16 00:01:21,900 --> 00:01:26,220 And just the quick disclaimer here, just like with any other section, anything that you learn here 17 00:01:26,220 --> 00:01:28,980 is going to be for educational purposes only. 18 00:01:29,280 --> 00:01:32,220 And it's meant to be used for ethical hacking only. 19 00:01:32,520 --> 00:01:39,330 We do not advocate, approve or condone any of these techniques to be performed maliciously unless given 20 00:01:39,330 --> 00:01:40,790 permission prior to. 21 00:01:41,340 --> 00:01:44,520 So let's talk about what exactly is post exploitation. 22 00:01:44,520 --> 00:01:52,430 So post exploitation means the phases of an operation once a victim has been compromised by the attacker. 23 00:01:52,440 --> 00:01:56,750 So just think about after you get access to a system, right? 24 00:01:56,760 --> 00:01:59,400 Once you're connected, what are the actions? 25 00:01:59,400 --> 00:01:59,580 Right. 26 00:01:59,580 --> 00:02:05,490 The plan of attack, once you're connected and the value of the compromised system is determined by 27 00:02:05,490 --> 00:02:07,590 the value of the actual data stored. 28 00:02:07,590 --> 00:02:13,200 So their bank account information is their passwords, is their credit card information. 29 00:02:13,200 --> 00:02:13,520 Right. 30 00:02:13,830 --> 00:02:17,470 That's essentially what would be valuable to a malicious attacker. 31 00:02:17,490 --> 00:02:24,030 And so this deals with collecting sensitive information, documenting it and evaluating the configuration 32 00:02:24,030 --> 00:02:28,250 settings, network interfaces in any other communication channels. 33 00:02:28,260 --> 00:02:28,580 Right. 34 00:02:29,130 --> 00:02:37,170 And so the six phases of post exploitation are understanding the victim privilege, escalation, and 35 00:02:37,170 --> 00:02:44,790 then the cleaning tracks and staying undetected, collecting system information and data and the setting 36 00:02:44,790 --> 00:02:51,960 up a back door and rootkit so you can maintain that access and then pivoting to penetrate internal networks. 37 00:02:52,350 --> 00:02:58,440 And so this is a quick overview here of Section nine post exploitation, and that is going to walk you 38 00:02:58,440 --> 00:03:01,440 through each one of these in a lot more depth. 39 00:03:01,620 --> 00:03:06,030 I'm excited for you to get started in Section nine here, and we'll see you on the next one.